| version 1.32, 2005/07/14 19:27:18 |
version 1.33, 2005/08/03 09:20:30 |
|
|
| initializes the system so you can use S/Key one-time passwords to log in. |
initializes the system so you can use S/Key one-time passwords to log in. |
| The program will ask you to enter a secret passphrase which is used by |
The program will ask you to enter a secret passphrase which is used by |
| .Xr skey 1 |
.Xr skey 1 |
| to generate one-time passwords; |
to generate one-time passwords: |
| enter a phrase of several words in response. |
enter a phrase of several words in response. |
| After the S/Key database |
After the S/Key database |
| has been updated you can log in using either your regular password |
has been updated you can log in using either your regular password |
|
|
| .Pp |
.Pp |
| Before initializing an S/Key entry, the user must authenticate |
Before initializing an S/Key entry, the user must authenticate |
| using either a standard password or an S/Key challenge. |
using either a standard password or an S/Key challenge. |
| To use a one-time password for initial authentication, the |
To use a one-time password for initial authentication, |
| .Dq Fl a Li skey |
.Ic skeyinit -a skey |
| option can be used. |
can be used. |
| The user will then be presented with the standard |
The user will then be presented with the standard |
| S/Key challenge and allowed to proceed if it is correct. |
S/Key challenge and allowed to proceed if it is correct. |
| .Pp |
.Pp |
|
|
| The options are as follows: |
The options are as follows: |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Fl a Ar auth-type |
.It Fl a Ar auth-type |
| Specify an authentication type such as |
Before an S/Key entry can be initialised, |
| |
the user must authenticate themselves to the system. |
| |
This option allows the authentication type to be specified, such as |
| .Dq krb5 , |
.Dq krb5 , |
| .Dq passwd , |
.Dq passwd , |
| or |
or |
|
|
| .It Fl r |
.It Fl r |
| Removes the user's S/Key entry. |
Removes the user's S/Key entry. |
| .It Fl s |
.It Fl s |
| Set secure mode where the user is expected to have used a secure |
Secure mode. |
| |
The user is expected to have already used a secure |
| machine to generate the first one-time password. |
machine to generate the first one-time password. |
| Without the |
Without the |
| .Fl s |
.Fl s |
|
|
| .Fl s |
.Fl s |
| option also allows one to set the seed and count for complete |
option also allows one to set the seed and count for complete |
| control of the parameters. |
control of the parameters. |
| You can use |
.Pp |
| .Ic skeyinit -s |
|
| in combination with the |
|
| .Nm skey |
|
| command to set the seed and count if you do not like the defaults. |
|
| To do this run |
|
| .Nm |
|
| in one window and put in your count and seed, then run |
|
| .Nm skey |
|
| in another window to generate the correct 6 English words for that |
|
| count and seed. |
|
| You can then "cut-and-paste" or type the words into the |
|
| .Nm |
|
| window. |
|
| When the |
When the |
| .Fl s |
.Fl s |
| option is specified, |
option is specified, |
|
|
| If a user has no entry in the S/Key database, an alternate authentication |
If a user has no entry in the S/Key database, an alternate authentication |
| type must be specified via the |
type must be specified via the |
| .Fl a |
.Fl a |
| option. |
option |
| |
(see above). |
| Please note that entering a password or passphrase in plain text |
Please note that entering a password or passphrase in plain text |
| defeats the purpose of using |
defeats the purpose of using |
| .Dq secure |
.Dq secure |
| mode. |
mode. |
| |
.Pp |
| |
You can use |
| |
.Ic skeyinit -s |
| |
in combination with the |
| |
.Nm skey |
| |
command to set the seed and count if you do not like the defaults. |
| |
To do this run |
| |
.Ic skeyinit -s |
| |
in one window and put in your count and seed, then run |
| |
.Xr skey 1 |
| |
in another window to generate the correct 6 English words for that |
| |
count and seed. |
| |
You can then "cut-and-paste" or type the words into the |
| |
.Nm |
| |
window. |
| .It Fl x |
.It Fl x |
| Displays one-time passwords in hexadecimal instead of ASCII. |
Displays one-time passwords in hexadecimal instead of ASCII. |
| .It Ar user |
.It Ar user |
![[BACK]](/icons/back.gif){kind=icon}
Return to skeyinit.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / skeyinit